Als DHCP-Server fungiert mein Router - der kann keine weiteren Optionen setzen. Darum hab ich dnsmasq auf dem UCS/OPSI installiert
Code: Alles auswählen
interface=eth0
# Don't function as a DNS server:
port=0
# Log lots of extra information about DHCP transactions.
log-queries
# This range(s) is for the public interface, where dnsmasq functions
# as a proxy DHCP server providing boot information but no IP leases.
# Any ip in the subnet will do, so you may just put your server NIC ip here.
dhcp-range=192.168.2.0,proxy,5m
# The boot filename.
dhcp-boot=pxelinux.0,192.168.2.40,192.168.2.0
# kill multicast
dhcp-option=vendor:PXEClient,6,2b
# Disable re-use of the DHCP servername and filename fields as extra
# option space. That's to avoid confusing some old or broken DHCP clients.
dhcp-no-override
# PXE menu
# pxe-prompt="Press F8 for boot menu", 3
# The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
# Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI
pxe-service=X86PC, "Boot from network", pxelinux
#enable-tftp
tftp-root=/tftpboot/linux
Code: Alles auswählen
ucr set security/packetfilter/udp/69/all=ACCEPT
Code: Alles auswählen
modprobe ip_conntrack_tftp
modprobe ip_conntrack_ftp
/sbin/iptables -A INPUT -s 192.168.2.0/24 -p "udp" --dport 69 -m state --state NEW,ESTABLISHED -j ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -A INPUT -s 192.168.2.0/24 -p "tcp" --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -s 192.168.2.0/24 -p "tcp" --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT